It is mandatory for all companies that operate in the EU or handle the data of EU citizens to follow the new data protection law. The Prestashop GDPR Module by Knowband provides a tool for the Prestashop store admin to meet the GDPR requirements.
What is GDPR?
The General Data Protection Regulation is a new European data protection law that replaces the Data Protection Act 1998. Most eCommerce stores capture users' personal data to fulfill orders, so under the new regulation customer data must be collected on an opt-in basis only, that is, with the customer’s permission.
How will this affect e-commerce businesses?
The GDPR applies to all databases, marketing, and sales. Any means by which customer data is stored or processed will fall under GDPR.
What are the penalties for non-compliance?
Organizations can be fined up to 4% of annual global turnover for breaching GDPR or €20 Million. This is the maximum fine that can be imposed for the most serious infringements, e.g. not having sufficient customer consent to process data or violating the core of Privacy by Design concepts. There is a tiered approach to fines, e.g. a company can be fined 2% for not having their records in order (article 28), not notifying the supervising authority and data subject about a breach, or not conducting an impact assessment. It is important to note that these rules apply to both controllers and processors, meaning 'clouds' will not be exempt from GDPR enforcement.
GDPR – Rights of the Individual Addon by Knowband:
Knowband has released the Prestashop GDPR – Rights of the Individual addon. The GDPR directives give customers in the EU specific rights to control their personal data. More precisely, customers now have the right to know what personal data the company has collected and how this data will be processed. Customers can access the personal data they have provided to the data controller and also have the right to know about the third parties with whom this data has been shared. To help Prestashop store owners meet the GDPR requirements, Knowband has developed the Prestashop GDPR Compliance Module.
How can the Prestashop GDPR addon by Knowband help you to comply with the new data protection law?
Before looking at the functionality of the Prestashop GDPR module, we will first go through the rights that the GDPR provides to individuals.
1. The right to be informed
2. The right of access
3. The right to rectification
4. The right to erasure
5. The right to restrict processing
6. The right to data portability
7. The right to object
8. Rights in relation to automated decision making and profiling.
After installing the Prestashop GDPR compliance module the store admin will be able to enable an interface for the customers so that they can access their rights provided under the GDPR. The GDPR Module for Prestashop platform handles the following rights of the customers:
1. The right of access
2. The right to rectification
3. The right to erasure
4. The right to restrict processing
5. The right to data portability
6. The right to object
7. Rights in relation to automated decision making and profiling.
Apart from these customer rights, the Prestashop GDPR addon offers additional features like:
2. Allow handling the GDPR requests from the guest customer: With the help of the Prestashop GDPR Addon, the Prestashop store admin can allow guest users to access their GDPR rights with ease.
3. Reports for the requests raised by the customers: The Prestashop GDPR addon keeps the log of all the GDPR requests raised by the customers. Admin can use this data as the proof of the processing of the request. This information is also helpful for the store admin to delete/rectify the customer details from the third party services.
4. User consent (checkbox) on the Sign-up and contact forms: In the new version of the Prestashop GDPR - Rights of the Individual addon, a feature to add checkboxes to the registration and contact forms has been added. Admin can also add the link to the Privacy-policy/terms & conditions pages.
5. Right to erasure: In the new version of the Prestashop GDPR Module, the admin has the option to select the time duration after which the customer data will be erased from the system. This feature allows the admin to configure the customer details to be deleted immediately or a few days after the data deletion request was initiated.
6. Order deletion or anonymization: In the new version of the Prestashop GDPR module, the admin can select the deletion, random fill or no action option for previous orders.
If the admin selects the Random Fill option, the personal details of the customer will be replaced by random data, but the order details like order total and product details will remain as they are. This helps the admin maintain the statistics for the order details.
7. Manage the third party modules: The Prestashop GDPR Module by Knowband allows the store admin to delete the customer data from the third party modules (if the third party module uses the data deletion hook introduced by Prestashop).
8. Prestashop hook integration: In order to make Prestashop addons compliant with the official GDPR module, Prestashop has introduced new hooks. The new version of the Prestashop GDPR module will be compliant with the official Prestashop GDPR module.
9. Download customer data: The Prestashop GDPR Addon allows the store admin to download the customer data from the back-office so that the admin can share this data with the customer if the customer has requested the personal data through some other communication channel.
10. Deletion of the data from the back-office: This feature allows the store admin to delete the customer data from the back-office.
11. Request retention period: Admin will be able to define the retention period for the GDPR requests. After the specified retention period, the log of the GDPR requests will be deleted.
12. Cron set-up: In order to automate the data deletion and GDPR request retention process, the admin has the option to set up crons.
13. Email Templates: The email templates help the store admin to communicate with the customer to get the consent before processing the GDPR requests.
14. Remove data from other GDPR compliance modules: The Prestashop GDPR Module by Knowband allows the store admin to delete the customer data from the third party modules, if these modules use the GDPR hooks introduced by Prestashop.
Please find the details of the customer rights and additional features below:
1. The right of Access to Personal Data
“Article 12 introduces the concept (all emphasis added unless otherwise stated):
The controller shall take appropriate measures to provide any information […] relating to processing to the data subject in a concise, transparent, intelligible and easily accessible form, using clear and plain language, in particular for any information addressed specifically to a child.”
Since customers have the right to request their personal data, the Prestashop GDPR module developed by Knowband allows the store admin to handle the data access requests with ease. The user-friendly interface of the module allows the store admin to define the static fields from the back-office, and the remaining data, such as account details and order details, will be fetched from the database. Admin can specify the third-party service providers in the static fields. The customer will get an email with complete details of the personal data.
2. Right to data portability
“Article 20 states:
The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided.”
The Prestashop GDPR compliance addon allows the store admin to enable the data portability option for the customers. Customers will get an interface at the front end to export their personal data. By enabling the data portability settings admin can allow the customers to download the personal details, orders and addresses.
3. Right to be forgotten
The Prestashop GDPR addon provides an interface to the customers so that they can request the deletion of their personal data. Admin can select the option to delete the personal information only. The admin can also enable the setting to delete the order details as well. If a customer requests the deletion of the data, a confirmation email will be sent to the entered email address, and the account details will be deleted only if the customer confirms the account deletion request. The process of the account deletion is automated, and an account once deleted cannot be retrieved. If a customer requests data deletion, the customer details will be deleted from the database only. If the customer information has been saved to some other location or shared with third-party service providers, the admin needs to delete it manually.
4. Right to Data Rectification
As per the GDPR directives, customers can make the required changes to their personal details if any detail is incorrect or incomplete. The Prestashop GDPR compliance addon allows the store admin to enable the settings so that the customer can easily make the required changes to their personal details.
5. Rights in relation to automated decision making
In the latest version of the Prestashop GDPR – rights of the individual module, an additional feature has been added: the admin can enable settings that let the customer check the list of services which make decisions based on user behavior (without any human interference). The admin can now list all such services, and the customer will have the option to select or block the services which he/she does not wish to use.
Additional features of the Prestashop GDPR Module:
1) Cookies Consent Bar
Recital 30 clarifies “online identifier” as mentioned in the Article 4 definition of personal data as below:
“Natural persons may be associated with online identifiers provided by their devices, applications, tools and protocols, such as internet protocol addresses, cookie identifiers or other identifiers such as radio frequency identification tags. This may leave traces which, in particular when combined with unique identifiers and other information received by the servers, may be used to create profiles of the natural persons and identify them.”
The Prestashop GDPR Module allows the store admin to provide an interface to the customers to block the cookies used by the third party services.
2) Data anonymization request
The Prestashop GDPR compliance module allows the store admin to enable an interface so that customers can request data anonymization. The following options are available for data anonymization.
a) Anonymization request: Admin can enable the Data Anonymization request settings, and if the customer requests anonymization, only the name of the customer will be replaced by "Anonymous".
b) Email Id anonymization: Admin can enable the settings to generate fake email Ids, so that if a customer requests anonymization, the customer has to confirm the email id anonymization as well. On the customer’s confirmation, a pseudo email id will be generated and sent to the customer. The customer can use this email id to access his account.
c) Update order details: Admin can enable this setting from the back-office. If this setting is enabled then the order details will also be updated.
3) Enable for the Guest-users
Admin has the choice to display the GDPR rights tab to registered users only or to guest users as well. In the new version of the Prestashop GDPR Compliance addon, an option to display the GDPR rights in the header section has been added. If the settings are enabled, customers can access their GDPR rights without logging into their account.
4) Email templates
Whenever a customer raises a request as per the GDPR rights, a confirmation email is sent to the customer. The Prestashop GDPR module sends the confirmation email for the following requests:
1) Personal data request
2) Data deletion request
3) Data anonymization request
The email templates for these emails are pre-defined which reduces the additional effort of the admin. Admin can also customize the email text as per the requirement.
Note: For all the references mentioned here, please refer to https://www.eugdpr.org/.
The purpose of these features is to help you to meet the GDPR requirements. Installing this module alone does not guarantee merchant sites’ compliance with the new obligations imposed by the GDPR. It is your responsibility to put in place all the necessary measures to ensure you comply.
If there is a feature you want on your Prestashop store, chances are that a Prestashop plugin will allow you to do it. If you don't find any such plugin, you can always contact us for your custom plugin development requirements.